Unfortunately for even small businesses, a failure to deal appropriately with eDiscovery or electronic discovery can lead to big legal sanctions down the road. During a legal case where eDiscovery is requested or involved, a court can actually order any offending company to pay the legal fees that are incurred to seek out withheld ESI (that’s electronically stored information, to you and I). Courts can actually tell juries to take into account that a company’s destroyed or unavailable ESI may be presumed to have been harmful to their legal position. Because of these risks, organizations across the globe are now coming to terms with policies for the handling of ESI during litigation procedures.
US Court issues adverse inference instruction to jury
Major ESI rulings teach us lessons about eDiscovery and “holding” policies. In one recent case, the United States District Court for the Southern District of New York issues a series of eDiscovery rulings against the defendant, including an adverse inference jury instruction and an order that the defendant pay the plaintiff’s fees and costs. This was after the restoration of certain tape backups revealed that employees had deleted emails relevant to an unemployment discrimination case.
In order to meet its eDiscovery obligations, the court said that the company and its lawyers must issue a litigation hold, communicate directly and “instruct all employees to produce electronic copies of their relevant active files”. In addition, they must make sure that all backup media types are identified and kept in a secure place.
Litigation holds for email: how to manage them
The lesson from these rulings is that it is vital to issue a litigation hold on all ESI as soon as possible when a legal case presents itself. Sometimes, this will require forward thinking and the hold should be issued before the lawsuit is even filed.
In terms of email, a litigation hold is entirely relevant. However, with an email archiving appliance the threat of losing data or being accused of mishandling data can be negated. An email archiving appliance ensures that all email is securely stored and cannot be tampered with.
Download our white paper now "The Benefits Of Email Archiving" to learn more.
We recently came across an interesting eDiscovery case that backfired on the plaintiff when the defendant was able to produce email archive records and the plaintiff failed to support their own claims. Why? Because the plaintiff’s computer that stored digital records and email had been burned to total destruction.
Harassment case backfires because of eDiscovery best practices
In Evans vs Mobile County, the defendant looked to the court to have the plaintiff produce additional information and to have sanctions imposed because of the on-purpose destruction of her computer. The court reviewed the facts, which included that the plaintiff’s admission that the computer she had used during the period of her alleged harassment had been burned and replaced. The court then granted the defendant’s motions, which included compelling the production of further electronically stored information from the plaintiff’s new computer and also imposed sanctions that included an adverse interference instruction.
At first, the plaintiff produced no files when faced with the court order. Eventually she produced a small number of documents and admitted to the existence of some emails. The court requested that the defendant be allowed to inspect the plaintiff’s personal computer, which the plaintiff failed to comply with. It was then revealed that the plaintiff’s 13-year-old computer had crashed beyond repair, and she had burnt it to reduce the threat of identity theft. The judge then noted that some relevant emails might have been available on the plaintiff’s web based email service anyway. Noting all the conditions of the case, the judge ruled that the plaintiff had spoiled evidence in bad faith.
Spoliation of evidence sanctions must take into account the:
- Importance of the evidence destroyed
- Culpability of the party
- Fundamental fairness
- Alternative sources for the information destroyed
All the facts considered, the judge imposed sanctions on the plaintiff and the defendant had the harassment case reversed, based on their best eDiscovery practices, which ensured that they had complied fully with the law.
This case is a great example of how compliance best practices can work to benefit an organization. To find out how eDiscovery can benefit your organization, get in touch today
Watch our webinar Osterman's 2012 Outlook for Email Archiving for more information.
Reuters have reported that a New York appeals court adopted a new standard for eDiscovery last month, declaring that a party must take steps to preserve relevant documents once it “reasonably anticipates litigation”. The new adoption standard arose when the court upheld a case against a satellite TV company after it deleted emails when a cable company filed a multi-billion dollar lawsuit against it. The emails that were destroyed would have been favorable to the satellite TV company in the court case.
A new standard for eDiscovery practice
The new standard for electronic document preservation and eDiscovery has grown from the famous 2003 case in New York’s Southern District, Zubulake v UBS. During this case, the federal court ruled that a party that reasonably anticipates litigation must immediately suspend any routine document destruction policy and put a “litigation hold” into action, in order to be sure that any relevant documents are preserved for eDiscovery. The Zubulake standard has been adopted in all four New York federal districts but also in some courts around the US, like in the Delaware Court of Chancery.
With regard to the case, Justice Sallie Manzanet-Daniels wrote "The Zubulake standard is harmonious with New York precedent in the traditional discovery context, and provides litigants with sufficient certainty as to the nature of their obligations in the electronic discovery context". In response to the rulings, some critics have said that the standard is “vague” and “unworkable”, and that a hold should only be put on documents when a lawsuit is certain to be filed.
Zubulake always comes back to email deletion
The case was about one satellite company terminating an agreement with a cable company without “proper cause”. The court asserted that the satellite company should have anticipated that their actions would bring on litigation, and said that the satellite company has continued to destroy email for months after the lawsuit was filed.
The company’s email retention policy meant that email was purged just seven days after emails were sent or deleted by an employee. However, a series of emails from the satellite company’s executives surfaced that actually discussed their decision to end their contract with the cable company. The mere existence of these emails led the court to the conclusion that other emails related to the case had been deleted.
This case highlights the importance of having the right email retention policy in place according to your own industry. So, what’s your email retention policy like? Would you be covered in the event of litigation?
Download our white paper "Simple steps to Compliance" now to make sure you are compliant with regulations.
The Freedom of Information Act (FOIA) is becoming more of a burden on industries as requests build up. In a recent study from the Syracuse University research initiative, it’s been noted that FOIA requests are up 27% in the last year. The bulk of these FOIA cases have come from the District of Columbia Federal courts, where requests for information like email and electronic records that are covered by the Freedom of Information Act were up by around 20%. While the requests are increasing, examining the actual court cases also indicates that things are getting a lot more complicated where the FOIA is involved.
Landmark eDiscovery Cases Abound
One of the most notorious judges for eDiscovery rulings is Judge Shira Scheindlin. In February 2011, the judge issued a ruling in the case of National Day Laborer Organizing Network vs. the United States Immigration and Customs Enforcement Agency. During the case, the defendants provided some unsearchable PDF files with no index data when faced with a FOIA request. Because there was no searchable metadata contained within the files, the plaintiffs claimed that the records were unusable. They asked the court to order the reproduction of the files.
What is email metadata?
The metadata of a digital file includes important details about the file’s creation, modification, and source device as a basic standard. Where email is involved, the metadata will contain HTML source code, header information and attachment details.
The Freedom of Information Act mandates that organizations are required to produce records in any requested format that is reproducible. It gets more complicated when you involve the Federal Rules of Civil Procedure, which govern civil procedure in federal courts. One of the rules is that the material produced should be in the exact format requested by the requesting party. Using these rules as guidance, it can be taken that metadata is a required part of an electronic record.
The court in this case adhered to both rules above, and stated that producing electronic data in a manner that eliminates metadata and makes it unsearchable is not acceptable.
This case proves to us why email archiving solutions are so important. Maintaining a tamper proof and fully indexed email archive while maintaining metadata is vital for compliance with eDiscovery best practices.
Watch our webinar "Osterman's 2012 Outlook for Email Archiving" to learn more about email archiving.
Finally accepted that email archiving is part of your business’s destiny? Don’t let it intimidate you: email archiving could be the savior for your business; you just have to choose the right appliance!
The decision to adopt an email archiving solution will be based on the size of your company, your storage requirements and importantly, your legal obligations under compliance acts - like HIPAA, or the Sarbanes-Oxley Act. For a small or medium business, email archiving will end up being a productivity tool and a great way to move old emails off of overloaded email servers, to a secure location that can manage this data effectively. The dependency on PST files will be eased, and administrators will be able to search the archives for specific messages on demand.
In a larger business, the above reasons still apply, but compliance issues tend to be the main driver for email archiving. An email archive for this purpose must have the ability to access and retrieve email within minutes, without the need to call in a SWAT team or trawl through complex backup files. The ability to do this means your archiving solution must have eDiscovery capabilities.
So what major features should you be looking out for?
- First, the solution needs to have a flexible and simple to use search engine. It will give administrators and employees the ability to search for specific email or conversations.
- It also needs to have a customizable retention policy: this will allow the business to control how long email messages are stored for.
- The email archiving solution needs to maintain an archive database that can’t be messed with: we mean tamper proof where these can’t be altered, deleted or moved.
- The above is because if your company needs to use email evidence in a court of law, the company needs to prove the integrity of the emails in question.
- To wrap up the features, you’re looking for a solution that’s easy to install and maintain.
Jatheon's email archiving solution encompasses all these features in a nice neat package? Why not watch our Recorded Webinar to learn more.
What’s the main method of communication between businesses these days? Email of course! Email now consumes so much employee time every day, compared to other tasks. In fact, research indicates that most employees spend ¼ of their working day using email.
In an alarming statistic, as much as 75% of a company’s intellectual property exists in email alone. This is why regulators require organizations to have email archiving solutions. The archive is a secure way to store email in a tamper proof way, while maintaining compliance and eDiscovery capability.
Regulatory Compliance
Regulatory compliance is one of the factors driving the push toward email archiving solutions. Regulations require that organizations must comply with the SOX (Sarbanes-Oxley) Act, HIPAA (Health Insurance Portability & Accountability Act), and the FDA (Food and Drug Administration), to name just a few. To comply with these regulations, organizations must maintain a searchable email archive.
Legal Issues
When lawsuits appear, email archives are lifesavers. Without the proper technology in place, the costs can mount up. There’s no end to how far back a company may have to search its archives (though industry best practices do give guidelines). Without an email archiving solution in place the costs of restoring email from tapes under legal pressure can be exorbitant.
Search
Backing up email to tapes or hard drives means that the ability to search data quickly and accurately is lost. Search is vital to compliance, and it can come at a cost without an email archiving solution. To achieve true eDiscovery readiness, a dedicated email archive is necessary.
Effective data storage
Email archives on local machines are both inefficient and useless. By storing email archives in a central area, the risk of data loss due to error decreases hugely. A central email archive also reduces the risk of loss or theft that often happens to local machines.
Download our white paper "The Benefits Of Email Archiving" for more.
Email is more and more being cited as primary evidence in high profile legal cases. Consider the amount of sexual harassment claims, antitrust claims and discrimination actions that crop up in the news each day. It’s a headache for most employers, who are often held responsible for the actions of employees through email communications. Consider these stats:
- The sending of inappropriate emails by employees embarrassed one top UK law firm, and the world’s media bombarded their head office for weeks afterward.
- In the UK, the Inland Revenue office took action against around 200 employees in relation to misuse of email.
- A total of five Wall Street brokerages had to pay $8.25 million because they discarded email related to customer transactions.
- In the UK, one bank was fined £2.3 million for failing to adhere to compliance regulations.
Email… a sensitive medium with many potential compliance issues
Every day, important business decisions, commitments and financial documents are communicated by email. Companies are being required by law to keep email for substantial retention periods. When compliance isn’t adhered to, there can be substantial legal penalties.
The Sarbanes-Oxley Act of 2002 contains these ominous statements: “whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies or makes a false entry in any record, document... with intent to impede... shall be fined under this title, imprisoned not more than 20 years, or both.”
The drive toward email archiving is ever-increasing, but the majority of companies do not have an email management policy.
Email retention issues:
- During retention periods, all organizations have to ensure that their data is available, searchable, secure and very quickly recoverable.
- During legal proceedings, harassment cases, and eDiscovery requests, access is often required to email archives for evidence.
- The integrity of email is vital, so that it can be used as evidence in court cases.
All of the above issues mandate a secure email archiving solution. Download our white paper Email Archiving - Simple steps to Compliance to make sure you are email compliant.
Not sure which emails to retain, and for how long? It’s time to understand the different factors that influence retention policies. The IT department can influence the retention policy development by advocating for some legal input, and providing technical guidance. Another area the IT department can draw on for retention periods is regulatory policies and mandates, and risk-mitigation best practices.
Factors to consider:
External Mandates
Compliance mandates can range from strict laws naming specific time periods to broader laws, or even certification requirements. Segments like the financial industry, healthcare, education, government, etc are quite strictly regulated. It’s important if your organization is in a heavily regulated industry to learn which regulations cover your area and which kind of laws will apply to your situation.
Nonspecific mandates also exist. They require the enterprise to develop policies around certain documents and to demonstrate adherence due to certification requirements and professional guidelines.
Privacy Laws
Regional differences in privacy laws have to be taken into account when developing an email retention policy. In North America, the courts tend to see employee email as the property of the enterprise. This is because the messages were created on enterprise systems and transmitted, stored and retrieved from them. In Europe, the courts treat email as the property of the sender alone, which places roadblocks in the way that enterprises wish to read, keep or act on information in an email.
What’s the story with statutes of limitation?
It’s important to consider how much time can pass before an enterprise faces a lawsuit regarding data retention. For example, employment records and manuals should be stored for the length of the employee’s stay at the company, plus another period of 7 years. This includes email relevant to the employee and their HR issues.
Download our white paper "Email Archiving - Simple steps to Compliance" for more information.
These days, businesses seek to adopt more compliant email practices in order to deal with the prospect of litigation and eDiscovery requests effectively. To this end, there is a demand for not just email archiving, but complete disaster recovery. Email archiving has been a godsend since regulations and compliance laws started popping up. When eDiscovery requests come in, it’s a blessing. But in so many organizations, there is a wide gap between email archiving and disaster recovery, and it could throw a wrench in the works when an eDiscovery request comes in.
Where does your organization store email?
Think of it this way: how many different systems are storing email in your organization, right now? Imagine over 5 different places: the main server, the backup server, the email archive itself, an archive backup, local user archives, on server backups of those. There could be 5 or 7 copies of each message, and this makes it tough to follow a main data retention policy.
The main email archive must contain every email. This is so that it can be fully compliant with eDiscovery best practices. In addition, email messages have to be deleted from every storage medium when a data retention policy dictates so. The problem is, the gap between archiving systems and disaster recovery processes can lead companies to make some serious mistakes. The mistakes can ruin a good eDiscovery strategy because costly searches have to be carried out for messages stored outside the archive.
- Sometimes, messages are deleted from a storage medium on time, but they are allowed to stay on in the primary email inbox beyond the retention period.
- The email messages stored in local archive files (like Microsoft PST) are unmanaged and allow access to emails outside their retention period.
- Back-up tapes are often poorly managed and can retain data for longer then the retention period states. Sometimes, they are stored indefinitely.
This causes a myriad of problems for companies when archiving and email disaster recovery cross paths in the wrong way. The best way to approach this problem is to simplify the systems and consolidate them on a proper compliant email archiving system, while moving away from on-computer email archives.
Stay tuned for important updates about email disaster recovery from Jatheon.To learn more about email archiving watch our "Osterman's 2012 Outlook for Email Archiving" webinar now!
Let’s start with the basics. Have you heard of email archiving before? Probably, or you wouldn’t be visiting our humble blog. Email archiving is an IT solution that works with email servers like Microsoft Exchange, Lotus, etc. to provide a quick and easy archive with easy discovery and retrieval of archived messages. But why would an organization really NEED email archiving? The reasons are plentiful, but today we’ll focus on two of the most common drivers towards email archiving: compliance, and data storage.
Compliance
Regulations and laws have most industries with their hands tied, so to speak. Those in the financial, healthcare, education, professional services and government sectors especially can feel the noose of compliance tightening around their neck. These organizations are faced with eDiscovery woes and litigation fears that can lead to penalties if email isn’t handled in a compliant manner. With the way emails are multiplying, combined with IM messaging and other messaging, it can be difficult for small and larger companies to handle this data. Email archiving alleviates all of these issues.
Data growth
No matter the size of the organization, data is going to be a concern. Most organizations consume and process a lot of data, and that means a lot of email communication. You can have a “big data” problem, even if you’re a small company Email can be a huge part of this big data issue. Because it multiplies every day, it can soon become a burden. Email archiving provides the architecture required to deal with mass email storage and retrieval.
So, it doesn’t matter what kind of organization you have: small, large, 5 employees, 500, or 5000 The reasons are there to archive email properly. With solutions available for all sizes, Jatheon can help alleviate compliance and data storage issues.
Watch our webinar "Osterman's 2012 Outlook for Email Archiving" to find out more.